particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

manifest: set selinux labels for cp and tar conditionally

Browse source 
Only label cp and tar if they're found in the list of packages for the
build root.
This commit is contained in:
Achilleas Koutsou 2022-10-31 20:42:02 +01:00 committed by Christian Kellner
parent ce037e24be
commit e8285fb2bf
1 changed files with 16 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

20
internal/manifest/build.go
View file

@ -90,12 +90,24 @@ func (p *Build) serialize() osbuild.Pipeline {
pipeline.AddStage(osbuild.NewRPMStage(osbuild.NewRPMStageOptions(p.repos), osbuild.NewRpmStageSourceFilesInputs(p.packageSpecs)))
pipeline.AddStage(osbuild.NewSELinuxStage(&osbuild.SELinuxStageOptions{
FileContexts: "etc/selinux/targeted/contexts/files/file_contexts",
Labels: map[string]string{
// TODO: make conditional
"/usr/bin/cp": "system_u:object_r:install_exec_t:s0",
},
Labels: p.getSELinuxLabels(),
},
))
return pipeline
}
// Returns a map of paths to labels for the SELinux stage based on specific
// packages found in the pipeline.
func (p *Build) getSELinuxLabels() map[string]string {
labels := make(map[string]string)
for _, pkg := range p.getPackageSpecs() {
switch pkg.Name {
case "coreutils":
labels["/usr/bin/cp"] = "system_u:object_r:install_exec_t:s0"
case "tar":
labels["/usr/bin/tar"] = "system_u:object_r:install_exec_t:s0"
}
}
return labels
}